Using Cryptographic Mechanisms in Safety-critical Applications

摘要

This paper considers the use of cryptographic mechanisms in safety-critical systems based on the example of a railway signalling system. It describes rules and conditions to be observed when using such mechanisms in a safety-related environment. Specifically, it defines 1. under what circumstances a mechanism is cryptographically 'strong', i.e. an adversary cannot attack the system successfully and 2. which functions of cryptographic mechanisms are vital functions and must be implemented using a fail-safe concept, with the aim of reducing the amount of program code in safety-critical computer systems. The relationship between the concepts of cryptographic strength and fail-safety is shown. When safety-critical systems depend on open communication systems, hazardous situations may result due to the loss of communication security.